CVE-2026-46080

A flaw was found in the Linux kernel's Oracle Cluster File System 2 ocfs2 component. During direct I/O DIO write operations, specifically in the ocfs2dioendiowrite function, an issue with transaction splitting can lead to credit exhaustion in the Journaling Block Device 2 JBD2 subsystem. This can...

Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1

In the Linux kernel, the following vulnerabilities have been resolved: fs/jfs: Added validation for dbmaxag and dbagpref. Both dbmaxag and dbagpref are used as indexes for the dbagfree array. However, there is currently no validation for these values, which can lead to errors. The following is a...

USN-8260-1 linux-azure-fips vulnerabilities

Josh Eads, Kristoffer Janke, Eduardo Vela Nava, Tavis Ormandy, and Matteo Rizzo discovered that some AMD Zen processors did not properly verify the signature of CPU microcode. This flaw is known as EntrySign. A privileged attacker could possibly use this issue to cause load malicious CPU microcod...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: ext4: Only dirty folio entries are marked when regular files are journaled. fstest generic/388 occasionally causes a crash that appears as follows: BUG: The kernel dereferes a NULL pointer. Address: 0000000000000000 Call Trace:...

Astra Linux - уязвимость в linux-6.1, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: jfs: fixed a null pointer dereference in dtInsertEntry Reported by syzbot General protection fault, likely for a non-canonical address 0xdffffc0000000001: 0000 1 PREEMPT SMP KASAN PTI KASAN: nullptrderef in range...

Astra Linux - уязвимость в linux-6.1, linux-5.15, linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: jfs: Validated AG parameters in dbMount to prevent crashes. Validated dbagheight, dbagwidth, and dbagstart in dbMount to catch corrupted metadata early and avoid undefined behavior in dbAllocAG. The limits are derived from...

Astra Linux - уязвимость в linux-5.10, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: jbd2: fixed the potential buffer head reference count leak. In the case of jbd2fcwaitbufs, if the buffer is not up-to-date, it will return -EIO without updating journal-jfcoff. However, in jbd2fcreleasebufs, the buffer head will ...

Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1

In the Linux kernel, the following vulnerabilities have been resolved: jfs: fixed an array-index-out-of-bounds issue in diNewExt Syz report UBSAN: array-index-out-of-bounds in fs/jfs/jfsimap.c:2360:2 The index -878706688 is out of range for the type 'struct iagctl128' CPU: 1 PID: 5065 Comm:...

USN-8185-1: Linux kernel (NVIDIA) vulnerabilities

Josh Eads, Kristoffer Janke, Eduardo Vela Nava, Tavis Ormandy, and Matteo Rizzo discovered that some AMD Zen processors did not properly verify the signature of CPU microcode. This flaw is known as EntrySign. A privileged attacker could possibly use this issue to cause load malicious CPU microcod...

CLSA-2026-1775224807 Fix of 95 CVEs

CVE-2025-39683 - tracing: Remove unneeded goto out logic CVE-2025-39683 - tracing: Limit access to parser-buffer when tracegetuser failed CVE-2025-39683 CVE-2025-38079 - crypto: algifhash - fix double free in hashaccept CVE-2025-38079 CVE-2025-38159 - wifi: rtw88: fix the 'para' buffer size to...

USN-8116-1: Linux kernel (Intel IoTG Real-time) vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - PowerPC architecture; - x86 architecture; - Block layer subsystem; - Cryptographic API; - ACPI drivers; - ATM...

jbd2: prevent softlockup in jbd2_log_do_checkpoint()

...

MiracleLinux 9 : kernel-5.14.0-570.30.1.el9_6 (AXSA:2025-10778:57)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-10778:57 advisory. kernel: media: uvcvideo: Fix double free in error path CVE-2024-57980 kernel: wifi: iwlwifi: limit printed string from FW file CVE-2025-21905 kerne...

CVE-2022-50839 jbd2: fix potential buffer head reference count leak

In the Linux kernel, the following vulnerability has been resolved: jbd2: fix potential buffer head reference count leak As in 'jbd2fcwaitbufs' if buffer isn't uptodate, will return -EIO without update 'journal-jfcoff'. But 'jbd2fcreleasebufs' will release buffer head from ‘jfcoff - 1’ if 'bh' is...

CLSA-2025-1765463110 kernel: Fix of 51 CVEs

Bluetooth: MGMT: Protect mgmtpending list with its own lock CVE-2025-38117 - padata: Fix pd UAF once and for all CVE-2025-38584 - wifi: cfg80211: Fix use after free for wext CVE-2023-53153 - padata: Fix list iterator in padatadoserial - padata: do not leak refcount in reorderwork CVE-2025-38031 -...

CVE-2023-53766

JFS filesystem code neglects to verify whether the filesystem is mounted read-only before initiating transactions in txBegin. When write operations are attempted on a read-only mount, the missing check allows execution to proceed with uninitialized transaction structures, culminating in a NULL...

jfs: Verify inode mode when loading from disk

...

CVE-2025-40312 jfs: Verify inode mode when loading from disk

In the Linux kernel, the following vulnerability has been resolved: jfs: Verify inode mode when loading from disk The inode mode loaded from corrupted disk can be invalid. Do like what commit 0a9e74051313 "isofs: Verify inode mode when loading from disk" does...

kernel: ext4: only dirty folios when data journaling regular files

In the Linux kernel, the following vulnerability has been resolved: ext4: only dirty folios when data journaling regular files fstest generic/388 occasionally reproduces a crash that looks as follows: BUG: kernel NULL pointer dereference, address: 0000000000000000 ... Call Trace:...

AlmaLinux 10 : kernel (ALSA-2025:12662)

The remote AlmaLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2025:12662 advisory. kernel: padata: fix UAF in padatareorder CVE-2025-21727 kernel: HID: intel-ish-hid: Fix use-after-free issue in ishtphidremove CVE-2025-21928 kernel: HI...